Cancel

Division By Zero | Deark

Mar 15, 2021 2021-03-15T11:33:00+08:00 by Fatih Çelik

Updated Apr 15, 2021 2021-04-15T20:46:52+08:00 1 min

Version: 1.5.7-1

Bug: Division by Zero

CVE: CVE-2021-28856

Description of the product:

A utility for file format and metadata analysis, data extraction, decompression, and image format decoding.

Summary:

An issue was discovered in Deark v1.5.7-1. A specially crafted input file can cause a division by zero in (src/fmtutil.c: 1621) because of the value of bi→pixelsize.

Fix:

https://github.com/jsummers/deark/commit/62acb7753b0e3c0d3ab3c15057b0a65222313334

Vulnerability Research

vulnerability research

This post is licensed under CC BY 4.0 by the author.

Recent Update

Missing IP Address Control in isPublic() Function Leads to SSRF Bypass PoC
Group Office CRM | Stored XSS via SVG File
Group Office CRM | SSRF
Division By Zero | Deark
NULL Pointer Dereference | Deark

Division By Zero | Deark

Further Reading

CMSUno 1.6.2 | RCE [Authenticated] (password.php) | CVE-2020-25557

Sentrifugo 3.2 | RCE [Authenticated] (announcements) | CVE-2020-26804

Sentrifugo 3.2 | RCE [Authenticated] (assets) | CVE-2020-26803

Trending Tags